westchesterchilicookoff.com
166.62.110.90
Malicious Activity!
Public Scan
Submission: On February 12 via manual from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 22nd 2020. Valid for: a year.
This is the only time westchesterchilicookoff.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Government (Government)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 10 | 166.62.110.90 | 26496 (AS-26496-GO-DADDY-COM-LLC) |

10 requests, 1 IP address.
ASN 26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-166-62-110-90.ip.secureserver.net
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 10 | westchesterchilicookoff.com | westchesterchilicookoff.com | 167 KB |

10 requests, 1 domain.

| Requests | Domain | Requested by |
|---|---|---|
| 10 | westchesterchilicookoff.com | westchesterchilicookoff.com |

10 requests, 1 domain.
Links
This site contains links to these domains (see also the outgoing links under Page Statistics):
- www.uimn.org
- www1.uimn.org
TLS certificate

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| westchesterchilicookoff.com | Go Daddy Secure Certificate Authority - G2 | 2020-02-22 - 2021-04-22 | a year (crt.sh) |

The validity dates span fourteen months; "a year" is urlscan's rounding. The certificate was issued nearly a year before this scan by the same provider that owns the hosting ASN, which is consistent with an existing GoDaddy-hosted site being abused to serve this page rather than a domain set up for it; the scan data alone cannot confirm that.
This page contains 1 frame:
Primary Page: https://westchesterchilicookoff.com/Minnesota/Login.htm
Frame ID: 340CE8554C94950F1039B46B793C0176
Requests: 10 HTTP requests in this frame
Detected technologies
Lua (Programming Languages) ExpandDetected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Ruxit (Analytics) Expand
Detected patterns
- script /ruxitagentjs/i
Page Statistics
8 outgoing links
These are links going to different origins than the main page. Only the link titles were captured; the target hosts are the two uimn.org names listed under Links.
- Information For Applicants
- How to Apply
- Information Handbook
- Video Library
- Contact Us
- Accessibility
- Privacy and security
- System requirements
10 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | Transferred | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | Login.htm (primary request) | westchesterchilicookoff.com/Minnesota/ | 21 KB | 4 KB | Document | text/html |
| 2 | GET | H2 | ruxitagentjs_ICA27SVdfhjqru_10207210127152629.js | westchesterchilicookoff.com/Minnesota/Login_files/ | 200 KB | 78 KB | Script | application/javascript |
| 3 | GET | H2 | ui.css | westchesterchilicookoff.com/Minnesota/Login_files/ | 13 KB | 2 KB | Stylesheet | text/css |
| 4 | GET | H2 | util.js | westchesterchilicookoff.com/Minnesota/Login_files/ | 5 KB | 2 KB | Script | application/javascript |
| 5 | GET | H2 | spacer.gif | westchesterchilicookoff.com/Minnesota/Login_files/ | 43 B | 416 B | Image | image/gif |
| 6 | GET | H2 | Unemployment%252520Insurance%252520Logo%252520RGB-websites-project.png | westchesterchilicookoff.com/Minnesota/Login_files/ | 77 KB | 77 KB | Image | image/png |
| 7 | GET | H2 | b_start.gif | westchesterchilicookoff.com/Minnesota/Login_files/ | 856 B | 1 KB | Image | image/gif |
| 8 | GET | H2 | b_login.gif | westchesterchilicookoff.com/Minnesota/Login_files/ | 679 B | 1 KB | Image | image/gif |
| 9 | POST | H2 | rb_bf91035bph | westchesterchilicookoff.com/ui_javascripts/ | 160 B | 455 B | XHR | text/html |
| 10 | POST | H2 | rb_bf91035bph | westchesterchilicookoff.com/ui_javascripts/ | 160 B | 455 B | XHR | text/html |

The per-request General, Request headers and Response headers panels were collapsed when this page was captured and are not reproduced. Every asset is served from the same host as the login page, under a Login_files/ directory beside Login.htm; the logo's file name is percent-encoded three times over (%252520 decodes to %2520, then %20, then a space). The two POSTs to /ui_javascripts/rb_bf91035bph are XHR beacons whose path form matches what the Ruxit/Dynatrace agent uses; their bodies are not shown.
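The three observations above (repeated percent-encoding of an asset name, the Login_files/ layout, and a login page whose outbound links all point at a different brand's domain) can be turned into mechanical checks. The following is an added example written for this page, not urlscan.io code: the sample inputs are constructed from the figures shown above, the link paths are assumed because the page records only the link targets' hosts, and the heuristics are the editor's rather than urlscan's verdict logic.

```python
"""Added example (editor's code, not urlscan.io's): three triage checks over
the transaction list and link hosts recorded on this page. Sample inputs are
constructed from the page; link paths are assumed."""
from urllib.parse import unquote, urlsplit


def decode_nested(name: str, max_rounds: int = 5) -> tuple[str, int]:
    """Percent-decode until the string stops changing.

    Returns (decoded_name, rounds). A name that needs more than one round was
    re-encoded on top of an already encoded name, which is what happens when a
    browser-saved page's asset names are hosted again unchanged.
    """
    cur, rounds = name, 0
    while rounds < max_rounds:
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur, rounds = nxt, rounds + 1
    return cur, rounds


def registrable(host: str) -> str:
    """Crude apex: the last two DNS labels. Adequate for .com/.org as here;
    a real tool would consult the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(primary_url: str, resource_paths: list[str], link_urls: list[str]) -> dict:
    """Return the hosting apex, apexes of outbound links, and a list of findings."""
    apex = registrable(urlsplit(primary_url).hostname)
    findings = []

    # 1. asset names encoded more than once
    for path in resource_paths:
        decoded, rounds = decode_nested(path)
        if rounds > 1:
            findings.append(
                f"{path!r} is percent-encoded {rounds} times (decodes to {decoded!r})")

    # 2. browsers' "Save as: Webpage, Complete" writes <Name>.htm plus <Name>_files/
    if any("_files/" in path for path in resource_paths):
        findings.append("assets live in a '*_files/' directory, the layout of a browser-saved page")

    # 3. every outbound link leaves the hosting apex for another brand's domain
    link_apexes = {registrable(urlsplit(url).hostname) for url in link_urls}
    foreign = sorted(link_apexes - {apex})
    if link_urls and apex not in link_apexes:
        findings.append(f"every outbound link leaves {apex} for {foreign}")

    return {"apex": apex, "foreign_link_domains": foreign, "findings": findings}


# Constructed from this page: the primary URL, two of the ten resource paths,
# and link URLs built from the two hosts listed under Links (paths assumed).
SCAN = {
    "primary": "https://westchesterchilicookoff.com/Minnesota/Login.htm",
    "resources": [
        "/Minnesota/Login_files/ui.css",
        "/Minnesota/Login_files/Unemployment%252520Insurance%252520Logo%252520RGB-websites-project.png",
    ],
    "links": ["https://www.uimn.org/", "https://www1.uimn.org/"],
}


def run() -> dict:
    """Run the checks over the constructed scan record."""
    return triage(SCAN["primary"], SCAN["resources"], SCAN["links"])


if __name__ == "__main__":
    for line in run()["findings"]:
        print("-", line)
```

None of the three findings is proof of phishing on its own; together with urlscan's brand classification they explain why a page that is byte-for-byte a copy of a government login form, hosted on a chili cook-off domain, deserves the verdict it received.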
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: US Government (Government)

17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and page-specific code.

| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| object | dT_ |
| object | dtrum |
| boolean | isNN |
| function | autoTab |
| function | textCounter |
| function | textCounterNew |
| function | bindTextAreaEvents |
| function | bindTextAreaEventsNew |

The first nine are standard browser properties that newer Chromium builds expose and urlscan's baseline does not yet filter out; dT_ and dtrum belong to the Ruxit/Dynatrace agent loaded above; the remaining six (isNN through bindTextAreaEventsNew) are the page's own form helpers, presumably from util.js.

6 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
| Domain / Path | Expires | Name | Value |
|---|---|---|---|
| .westchesterchilicookoff.com/ | not recorded | dtPC | -20$356298125_941h2vUJJVUTAGBWUPEKEVRWSKUSLFMSASREEC-0e1 |
| .westchesterchilicookoff.com/ | not recorded | dtSa | - |
| .westchesterchilicookoff.com/ | not recorded | dtLatC | 222 |
| .westchesterchilicookoff.com/ | not recorded | rxVisitor | 1613156298130LIJRLDUVHL8DRD437MB3PN4PBA7V56AD |
| .westchesterchilicookoff.com/ | not recorded | rxvt | 1613158098533\|1613156298131 |
| .westchesterchilicookoff.com/ | not recorded | dtCookie | -20$7OF14C9V6QFEHFRU5T37NMSIVJTP51SA |

All six are Dynatrace (Ruxit) real-user-monitoring cookies, set client-side by the ruxitagentjs script in the request list; none is a session cookie from the login form itself.
Security Headers
Security headers set by the main page:

| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests |
| Strict-Transport-Security | max-age=300 max-age=31536000; includeSubDomains |
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |

Two caveats for anyone reading these as a sign of a well-run site. The CSP contains only upgrade-insecure-requests and no source restrictions, so it constrains nothing the page loads. The HSTS value as captured carries two max-age directives run together without a separating semicolon; that does not conform to the RFC 6797 grammar, and RFC 6797 section 8.1 requires a conforming user agent to ignore a non-conforming STS field, so the header most likely has no effect. X-Xss-Protection is a legacy header: Firefox never implemented it and Chromium removed its XSS auditor.
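To see exactly why the captured Strict-Transport-Security value fails, here is a small parser that follows the RFC 6797 section 6.1 grammar (directives separated by semicolons, each a token name with an optional token or quoted-string value, every directive at most once, max-age required). It is an added example written for this page, not urlscan.io's checker, and the inputs other than the header value above are constructed.

```python
"""Added example (editor's code, not urlscan.io's): validate a
Strict-Transport-Security value against the RFC 6797 section 6.1 grammar."""
import re

# RFC 7230 token characters; directive names and unquoted values must match
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_hsts(value: str) -> dict:
    """Return {'ok', 'max_age', 'include_subdomains', 'preload', 'errors'}.

    ok is False whenever the value would be ignored by a conforming user
    agent (bad grammar, duplicated directive, or no usable max-age).
    """
    result = {"ok": True, "max_age": None, "include_subdomains": False,
              "preload": False, "errors": []}
    seen = set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue  # empty slots between semicolons are allowed by the grammar
        name, _, val = directive.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not _TOKEN.match(name):
            result["errors"].append(f"bad directive name {name!r}")
            continue
        if name in seen:
            result["errors"].append(f"directive {name!r} appears more than once")
        seen.add(name)
        quoted = len(val) >= 2 and val[0] == val[-1] == '"'
        if val and not (_TOKEN.match(val) or quoted):
            # This is the branch the captured header hits: the value of the
            # first max-age is "300 max-age=31536000", which is neither a
            # token nor a quoted-string.
            result["errors"].append(
                f"{name}: value {val!r} is neither a token nor a quoted-string")
            continue
        if name == "max-age":
            digits = val.strip('"')
            if not digits.isdigit():
                result["errors"].append(f"max-age: {val!r} is not delta-seconds")
            else:
                result["max_age"] = int(digits)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
        # unrecognised directives are ignored, as section 6.1 permits
    if result["max_age"] is None:
        result["errors"].append("no usable max-age directive")
    result["ok"] = not result["errors"]
    return result


# The value captured on this page, and a constructed well-formed one for contrast.
CAPTURED = "max-age=300 max-age=31536000; includeSubDomains"
WELL_FORMED = "max-age=31536000; includeSubDomains; preload"

if __name__ == "__main__":
    for label, hdr in (("captured", CAPTURED), ("well-formed", WELL_FORMED)):
        print(label, parse_hsts(hdr))
```

Note the two distinct failure modes the parser separates: a value that is not a token (the captured header) and a directive that is a valid token but repeated (constructed as max-age=300; max-age=31536000). Both make the field non-conforming, but a reviewer fixing the server configuration needs to know which one they are looking at.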
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
westchesterchilicookoff.com
166.62.110.90